Automate the right path to achievement with Cisco SecureX

Take back control having an integrated security platform

Within a makeshift SOC within the part of his house, Matt begins his time with a good alarm heading off on his personal computer. You can find four monitors collectively ganged, several consoles on each one of them, and numerous empty coffee mugs. This possibly draws a snapshot of what’s been genuine for most of us. Along with the never-ending checklist of alerts within his inbox each morning, he could be building playbooks, danger hunting, scanning information for the latest strike updates, and investigating alerts. Espresso stopped working a few of hrs ago. Matt your day wished he had additional time in. and it’s just 9 AM. 

Imaginelectronic if Matt started his early morning by merely reviewing the task that already occurred through scheduled or eventbased automation. The orchestration would just happen in the backdrop, dramatically lowering the friction and repetition inside his processes, save time, and reduced ongoing costs. Attempting to counter attacks with guide processes is like fighting the losing fight against relentlessly active adversaries. With attackers automating their offense, security teams must do exactly the same for the stronger protection powered by an integrated security system. 

Cisco SecureX maximizes effectiveness

It’s been almost per year since we announced the Cisco SecureX platform from RSA 2020. You don’t want me to telectronicll you it’s been quite a trip since then. We had no concept, nevertheless, of the rigor of the checks that SecureX would have before it still turned per year old.With SecureX, we reimagined how safety enabled your business – the have to consolidate efficiency, simplify operations, and develop an open up platform that would use customers existing environments

Getting started with protection automation&nbsp and orchestration;

Inside my last blog, We spoke about the benefits of making use of orchestration and how it can maximize operational performance. SecureX orchestration is really a workflow automation function of our system that enables one to define workflows to replace your typical security procedures; the automation steps (routines), the circulation or logic between these ways, and how exactly to flow data in one step to another. With Cisco SecureX, it is possible to leverage Cisco and third-party systems, apps, databases, and network gadgets in your atmosphere to generate these workflows. The system includes complete multi-domain orchestration with a no/low-code technique and an intuitive drag-and-fall canvas to provide a high-efficiency, scalable playbook automation capacity. 

Let’s chat about two essential use cases that present possibilities for automation inside your environment. Today both workflows are specially relevant, having an uptick in phishing frauds during the current worldwide pandemic and the latest SolarWinds source chain attack.  

1) Maneuvering the SolarWinds attacks with an integrated approach  

Cyberattacks targeting the program supply chain have already been on the increase. December because the discovery of the SolarWinds offer chain attack in earlier, some security groups are scrambling to measure the impact, whilst others are usually revisiting their risk administration practices and incident reaction playbooks. On the vivid aspect, the Solarwinds attack may be considered a catalyst for transformation in your company. As the industry involves conditions with the scope of the SolarWinds Orion / Sunburst backdoor cyberattack and related breaches, we has taken measures to help customers and also require been impacted. As the whole tale continues to evolve, customers desire to understand immediate dangers with their business, how exactly to recover if they have already been breached, and what they are able to do to boost their security posture later on. Here is how it is possible to maneuver the SolarWinds Episodes with an wentegrated approach.

The SolarWinds supply chain attack workflow is made to conduct a good automated investigation in line with the content of the Talos SolarWinds threat advisory blog post. The workflow begins by making use of thelectronic post as a supply for observables and then SecureX threat response determines which of these observables are worthy of digging directly into. Since SecureX is getting used to investigate, the full total outcomes of the workflow are tailored to each customer’s environment and telemetry from their integrated products. Once the investigation is full, you may record the findings in the SecureX threat response casebook and incident manager, ServiceNow incident ticket, and send notifications making use of Webex Groups, Slack, and email. The workflow comes with an substitute for create an approval job that also, upon approval, models off automated remediation for non-clear observables. You may automate security workflows which are reactive to network and program states. Sufficient reason for playbooks that carry out at machine speed, customers can reduce analysis and response time whilst improving accuracy with less overhead also.   

“In order to know the effect of the Orion malware, it shall say, “Hey, This web page is had by myself showing me personally indicators of compromise with SecureX, ” I get yourself a button in my browser and We say basically, whatever is with this page, check out it against my live atmosphere.”  

Wouter Hindriks
Technical Group Lead Network & Safety at Missing Item BV 

Discover the sample workflow HERE

Notice how Cisco is continue following the SolarWinds breach and understand how the SecureX platform strategy can reduce dwell period for infrastructure attacks by exploring our rapid response webpage.  

2) Automate Phishing investigations and remediation

Phishing emails aren’t a new kind of threat to many security professionals but coping with the growing quantity and potential influence of them requires an revolutionary solution. The SecureX system now works with the sample workflow for phishing which will help you accelerate investigation and react to phishing-based email threats inside your atmosphere. By shortening the investigation timeline through safety automation, your group can make sure that they’re not really wasting important cycles performing repetitive, guide tasks.

This workflow was created to end up being triggered by a contact arriving inside a phishing investigation mailbox. When a contact is obtained, the workflow investigates its accessories and attempts to find out if anything inside the e-mail (or its accessories) was suspicious or even malicious.  This accelerates risk hunting and incident administration. If anything malicious or suspicious is available, an individual who submitted the e-mail is told to delete it. A SecureX threat response casebook and incident also&nbsp are;created and notifications via&nbsp are sent;Webex Email and teams. This effective workflow simplifies the complexity of handling phishing attempts, providing mailbox monitoring for incoming phishing reports. 


Next steps: Getting started off with SecureX

Security orchestration between a number of technologies shall create possibilities for automation crucial for success in the present day threat landscape. Now Matt will get a head focus on pre-constructed sample workflows aligned to typical use cases that may remove friction in the procedures and automate routine duties.

Set SecureX up inside minutes and start to see the benefits immediately almost! Get Simplicity. Visibility. Today efficiency. If you are not used to Cisco, explore our portfolio to start out a trial. And when you’re already a Cisco Protected customer and desire to learn more? View an instant SecureX demo and explore additional workflows on GitHub for more information.

More resources:

%d bloggers like this: